015 package com.liferay.portlet.login.action;
016
017 import com.liferay.portal.CompanyMaxUsersException;
018 import com.liferay.portal.CookieNotSupportedException;
019 import com.liferay.portal.NoSuchUserException;
020 import com.liferay.portal.PasswordExpiredException;
021 import com.liferay.portal.UserEmailAddressException;
022 import com.liferay.portal.UserIdException;
023 import com.liferay.portal.UserLockoutException;
024 import com.liferay.portal.UserPasswordException;
025 import com.liferay.portal.UserScreenNameException;
026 import com.liferay.portal.kernel.log.Log;
027 import com.liferay.portal.kernel.log.LogFactoryUtil;
028 import com.liferay.portal.kernel.servlet.SessionErrors;
029 import com.liferay.portal.kernel.util.Http;
030 import com.liferay.portal.kernel.util.ParamUtil;
031 import com.liferay.portal.kernel.util.Validator;
032 import com.liferay.portal.security.auth.AuthException;
033 import com.liferay.portal.struts.PortletAction;
034 import com.liferay.portal.theme.ThemeDisplay;
035 import com.liferay.portal.util.PortalUtil;
036 import com.liferay.portal.util.PropsValues;
037 import com.liferay.portal.util.WebKeys;
038 import com.liferay.portlet.PortletPreferencesFactoryUtil;
039 import com.liferay.portlet.login.util.LoginUtil;
040
041 import javax.portlet.ActionRequest;
042 import javax.portlet.ActionResponse;
043 import javax.portlet.PortletConfig;
044 import javax.portlet.PortletPreferences;
045 import javax.portlet.RenderRequest;
046 import javax.portlet.RenderResponse;
047
048 import javax.servlet.http.HttpServletRequest;
049 import javax.servlet.http.HttpServletResponse;
050 import javax.servlet.http.HttpSession;
051
052 import org.apache.struts.action.ActionForm;
053 import org.apache.struts.action.ActionForward;
054 import org.apache.struts.action.ActionMapping;
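/**
 * Struts portlet action behind the login portlet: authenticates the submitted
 * credentials through {@link LoginUtil} and then decides where to send the
 * browser.
 *
 * <p>
 * Failures that the view is expected to explain to the user are recorded in
 * {@link SessionErrors}; anything else is logged and turned into a portal
 * error response.
 * </p>
 */
public class LoginAction extends PortletAction {

    /**
     * Handles the login form submission.
     *
     * <p>
     * When {@code PropsValues.AUTH_LOGIN_DISABLED} is set the request is
     * redirected to {@code AUTH_LOGIN_DISABLED_PATH} and no authentication is
     * attempted. Otherwise the credentials are passed to
     * {@link #login(ThemeDisplay, ActionRequest, ActionResponse, PortletPreferences)}
     * and, if the {@code doActionAfterLogin} parameter is true, the forward is
     * set to {@code portlet.login.login_redirect}.
     * </p>
     *
     * @throws Exception if redirecting or sending the error response fails
     */
    @Override
    public void processAction(
            ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
            ActionRequest actionRequest, ActionResponse actionResponse)
        throws Exception {

        ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
            WebKeys.THEME_DISPLAY);

        if (PropsValues.AUTH_LOGIN_DISABLED) {
            actionResponse.sendRedirect(
                themeDisplay.getPathMain() +
                    PropsValues.AUTH_LOGIN_DISABLED_PATH);

            return;
        }

        try {
            PortletPreferences preferences =
                PortletPreferencesFactoryUtil.getPortletSetup(actionRequest);

            login(themeDisplay, actionRequest, actionResponse, preferences);

            boolean doActionAfterLogin = ParamUtil.getBoolean(
                actionRequest, "doActionAfterLogin");

            if (doActionAfterLogin) {
                setForward(actionRequest, "portlet.login.login_redirect");
            }
        }
        catch (Exception e) {
            if (e instanceof AuthException) {
                Throwable cause = e.getCause();

                if (cause instanceof PasswordExpiredException ||
                    cause instanceof UserLockoutException) {

                    // Surface the specific reason instead of the generic
                    // authentication failure.

                    SessionErrors.add(actionRequest, cause.getClass());
                }
                else {

                    // The message deliberately carries no login name or
                    // password; keep it that way if it is ever extended.

                    if (_log.isInfoEnabled()) {
                        _log.info("Authentication failed");
                    }

                    SessionErrors.add(actionRequest, e.getClass());
                }
            }
            else if (e instanceof CompanyMaxUsersException ||
                     e instanceof CookieNotSupportedException ||
                     e instanceof NoSuchUserException ||
                     e instanceof PasswordExpiredException ||
                     e instanceof UserEmailAddressException ||
                     e instanceof UserIdException ||
                     e instanceof UserLockoutException ||
                     e instanceof UserPasswordException ||
                     e instanceof UserScreenNameException) {

                // NOTE(review): the exception class is what the view keys its
                // message on. If the view renders NoSuchUserException
                // differently from a bad password, the form discloses which
                // accounts exist - confirm against the login JSP.

                SessionErrors.add(actionRequest, e.getClass());
            }
            else {
                _log.error(e, e);

                PortalUtil.sendError(e, actionRequest, actionResponse);
            }
        }
    }

    /**
     * Renders the login view, or whichever forward was stored on the request
     * during the action phase.
     *
     * @return the forward resolved from {@code getForward}, defaulting to
     *         {@code portlet.login.login}
     */
    @Override
    public ActionForward render(
            ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
            RenderRequest renderRequest, RenderResponse renderResponse)
        throws Exception {

        return mapping.findForward(
            getForward(renderRequest, "portlet.login.login"));
    }

    /**
     * Prefixes a redirect that is not already absolute with the portal URL.
     *
     * @param  request the current servlet request; its session is read for
     *         {@code WebKeys.HTTPS_INITIAL}
     * @param  redirect the redirect value to append to the portal URL
     * @return the portal URL followed by {@code redirect}
     */
    protected String getCompleteRedirectURL(
        HttpServletRequest request, String redirect) {

        HttpSession session = request.getSession();

        Boolean httpsInitial = (Boolean)session.getAttribute(
            WebKeys.HTTPS_INITIAL);

        String portalURL = null;

        if (PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS &&
            !PropsValues.SESSION_ENABLE_PHISHING_PROTECTION &&
            (httpsInitial != null) && !httpsInitial.booleanValue()) {

            // Presumably the second argument selects the non-secure scheme so
            // a session that started on plain HTTP returns to it - TODO
            // confirm against PortalUtil.getPortalURL.

            portalURL = PortalUtil.getPortalURL(request, false);
        }
        else {
            portalURL = PortalUtil.getPortalURL(request);
        }

        // NOTE(review): redirect is appended verbatim. It should begin with
        // "/" so the appended text cannot change the host part of the
        // resulting URL; confirm that PortalUtil.escapeRedirect already
        // guarantees this, otherwise validate here.

        return portalURL.concat(redirect);
    }

    /**
     * Returns {@code false}.
     *
     * <p>
     * NOTE(review): presumably this switches off the superclass check of the
     * HTTP method on the action phase, so the login action is not restricted
     * to POST - confirm in PortletAction and that this is intended.
     * </p>
     */
    @Override
    protected boolean isCheckMethodOnProcessAction() {
        return _CHECK_METHOD_ON_PROCESS_ACTION;
    }

    /**
     * Authenticates the user and sends the post-login redirect.
     *
     * <p>
     * The redirect target is chosen in this order: the JAAS protected path
     * when {@code PropsValues.PORTAL_JAAS_ENABLE} is set; the
     * {@code redirect} request parameter after it has passed through
     * {@code PortalUtil.escapeRedirect}; no redirect at all when
     * {@code doActionAfterLogin} is true; otherwise the portal main path.
     * </p>
     *
     * @throws Exception if authentication fails or the redirect cannot be
     *         sent
     */
    protected void login(
            ThemeDisplay themeDisplay, ActionRequest actionRequest,
            ActionResponse actionResponse, PortletPreferences preferences)
        throws Exception {

        HttpServletRequest request = PortalUtil.getHttpServletRequest(
            actionRequest);
        HttpServletResponse response = PortalUtil.getHttpServletResponse(
            actionResponse);

        String login = ParamUtil.getString(actionRequest, "login");

        // The password is read with getParameter rather than ParamUtil. Never
        // write this value to a log or to the session.

        String password = actionRequest.getParameter("password");
        boolean rememberMe = ParamUtil.getBoolean(actionRequest, "rememberMe");

        String authType = preferences.getValue("authType", null);

        LoginUtil.login(
            request, response, login, password, rememberMe, authType);

        if (PropsValues.PORTAL_JAAS_ENABLE) {
            actionResponse.sendRedirect(
                themeDisplay.getPathMain() + "/portal/protected");

            return;
        }

        String redirect = ParamUtil.getString(actionRequest, "redirect");

        if (Validator.isNotNull(redirect)) {

            // The redirect parameter is attacker-controllable, so it is only
            // used after PortalUtil.escapeRedirect has vetted it.

            redirect = PortalUtil.escapeRedirect(redirect);
        }

        // Re-check after escaping: escapeRedirect is defined outside this
        // file and presumably signals a rejected target with null or an empty
        // string (TODO confirm). Without this check a rejected target would
        // fail with a NullPointerException after the user has already been
        // authenticated; a rejected target now falls through to the default
        // handling below.

        if (Validator.isNotNull(redirect)) {

            // Presumably Http.HTTP is the "http" scheme prefix, which also
            // matches "https" - TODO confirm.

            if (!redirect.startsWith(Http.HTTP)) {
                redirect = getCompleteRedirectURL(request, redirect);
            }

            actionResponse.sendRedirect(redirect);

            return;
        }

        boolean doActionAfterLogin = ParamUtil.getBoolean(
            actionRequest, "doActionAfterLogin");

        if (!doActionAfterLogin) {
            actionResponse.sendRedirect(themeDisplay.getPathMain());
        }
    }

    private static final boolean _CHECK_METHOD_ON_PROCESS_ACTION = false;

    private static final Log _log = LogFactoryUtil.getLog(LoginAction.class);

}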